With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
Y0ung-DST
/ List of API endpoints & objects
Created
February 7, 2023 00:00
— forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 1 | |
| 1.0 | |
| 10 | |
| 100 | |
| 1000 |
Y0ung-DST
/ PowerView-3.0-tricks.ps1
Created
November 25, 2022 11:39
— forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
Y0ung-DST
/ kerberos_attacks_cheatsheet.md
Created
September 18, 2022 22:29
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
Y0ung-DST
/ CVE-2021-26723
Last active
May 8, 2021 21:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. | |
| # Google Dork: Jenzabar — v9.2.0 / v9.2.1 / v9.2.2 | |
| # Date: 2021–02–05 | |
| # Exploit Author: y0ung_dst | |
| # Vendor Homepage: https://jenzabar.com | |
| # Version: Jenzabar — v9.2.0-v9.2.1-v9.2.2 (and maybe other versions) | |
| # Tested on: Windows 10 | |
| # CVE : CVE-2021-26723 | |